1. Field of the Invention
The present invention relates to Fibre Channel security. More specifically, the present invention relates to methods and apparatus for providing confidentiality for Fibre Channel control messages encapsulated within Common Transport Information Units.
2. Description of Related Art
Very limited security exists in Fibre Channel networks. One form of security for Fibre Channel networks is physical security. All Fibre Channel network entities, such as switches, disks, tape libraries, disk arrays, and servers can be located in a secure and trusted environment. Access can be limited and strict controls can be maintained over the Fibre Channel fabric. However, it is not always feasible to locate every Fibre Channel network entity in a secured environment.
Some security schemes have focused more on secure links. When a new Fibre Channel network entity is introduced into a Fibre Channel fabric, directly neighboring nodes check the newly introduced entity to determine whether or not the newly introduced node is authorized to connect to the fabric. However, the checks are made only once by some directly neighboring nodes. Other more distant nodes are unable to perform any checking. Furthermore, once the link is established, no further security is provided. The fabric is deemed trusted even though the Fibre Channel fabric is still vulnerable to certain attacks such as spoofing, hijacking, or impersonation.
It is therefore desirable to provide methods and apparatus for improving security in a Fibre Channel network and in particular for improving authentication, confidentiality, message integrity protection, and anti-replay protection in a Fibre Channel fabric with respect to some or all of the limitations noted above.
The Fibre Channel Generic Services 3 (“FC-GS-3”) Standard (formerly ANSI NCITS 348-2001) defines CT_Authentication, a security transform for Fibre Channel Common Transport Information Units, that may be used to provide anti-replay and integrity protection to control traffic. However, no provision is currently made to provide confidentiality to control traffic, even though such confidentiality would be highly desirable. Without confidentiality, Common Transport may not be used to transport sensitive data such as passwords or secrets that are a very valuable subset of control information.